From a0f27aa969c731f12a3aae04c88f626db37762b5 Mon Sep 17 00:00:00 2001 From: Takashi Kokubun Date: Tue, 14 Jul 2020 10:08:36 -0700 Subject: [PATCH] Move tested contents to files --- test/results/escape_safe_buffer.xhtml | 4 ++++ test/template_test.rb | 15 +++------------ test/templates/escape_safe_buffer.haml | 6 ++++++ 3 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 test/results/escape_safe_buffer.xhtml create mode 100644 test/templates/escape_safe_buffer.haml diff --git a/test/results/escape_safe_buffer.xhtml b/test/results/escape_safe_buffer.xhtml new file mode 100644 index 0000000000..0572d6b427 --- /dev/null +++ b/test/results/escape_safe_buffer.xhtml @@ -0,0 +1,4 @@ +
+ + + diff --git a/test/template_test.rb b/test/template_test.rb index c0bddbf8e0..82c2d84b94 100644 --- a/test/template_test.rb +++ b/test/template_test.rb @@ -248,18 +248,9 @@ def test_xss_protection_in_attributes end def test_xss_protection_in_attributes_with_safe_strings - assert_equal("
\n", render('%div{ "data-html" => "bar".html_safe }', :action_view)) - assert_equal(<<-HTML, render(<<-HAML, :action_view)) - - - -HTML -%meta{ content: %{'"}.html_safe } -- val = %{'"}.html_safe -%meta{ content: val } -- hash = { content: val } -%meta{ hash } -HAML + assert_renders_correctly('escape_safe_buffer') do |name| + render(File.read(File.expand_path("templates/#{name}.haml", __dir__)), :action_view) + end end def test_xss_protection_with_bang_in_interpolation diff --git a/test/templates/escape_safe_buffer.haml b/test/templates/escape_safe_buffer.haml new file mode 100644 index 0000000000..4fcde574ef --- /dev/null +++ b/test/templates/escape_safe_buffer.haml @@ -0,0 +1,6 @@ +%div{ 'data-html' => 'bar'.html_safe } +%meta{ content: %{'"}.html_safe } +- val = %{'"}.html_safe +%meta{ content: val } +- hash = { content: val } +%meta{ hash }